Some new whitepapers ...

• Previous message: Martin Schulze: "[SECURITY] [DSA 844-1] New mod-auth-shadow packages fix authentication bypass"
• Next in thread: Lila Buchalski: "RE: Some new whitepapers ..."
• Reply: Lila Buchalski: "RE: Some new whitepapers ..."
• Reply: Jerome Athias: "Re: Some new whitepapers ..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <bugtraq@securityfocus.com>
Date: Wed, 5 Oct 2005 13:20:16 +0100

Hey all,

I've written two papers available from here
http://www.ngssoftware.com/papers.htm

The first deals with buffer _underruns_ , DEP and Address Space Layout
Randomization on Windows. During the paper's review process I was pointed to
http://www.phrack.org/show.php?p=58 which deals with the same conceptual
issues to defeat PaX on Linux but, as my paper was completed, I thought I
may as well still go ahead and release it. Besides mine discusses buffer
underruns, too :)

The second paper talks about using inference as a means of drilling for data
with SQL injection and it is based upon a talk I presented at Blackhat
Europe earlier on in the year. I divide SQL injection data theft attacks
into three classes - inband, out-of-band and inference. The first, in-band,
uses the existing connection to get data out; the second, out-of-band, uses
another channel, e.g. smtp by using builtin database mail functions; and
lastly inference. With inference there is no actual transfer of data -
rather it can be inferred what the data is by making observations about
differences in the way an application behaves.

Cheers,
David Litchfield
NGSSoftware Ltd
http://www.ngssoftware.com/

• Previous message: Martin Schulze: "[SECURITY] [DSA 844-1] New mod-auth-shadow packages fix authentication bypass"
• Next in thread: Lila Buchalski: "RE: Some new whitepapers ..."
• Reply: Lila Buchalski: "RE: Some new whitepapers ..."
• Reply: Jerome Athias: "Re: Some new whitepapers ..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]